Static IP Configurations for External Access

In our organization, one of the branches had a hardware firewall that was suddenly damaged (it cannot be used). Normally we use that firewall to access a server there (Windows 2003 R2 Standard) externally using a static IP (a public one given by the ISP); that IP is configured in the firewall.

So now we don't have any firewall in our branch office, but we still need to access the server using the same static IP. Is that possible without configuring any firewall at that end? If yes, please give valuable suggestions on how to configure the static IP to access our branch server externally.

If you have a router, then you can configure the static IP on the router ports and use port forwarding on your router. The alternative is to configure the static IP on the server so that you can access it from the internet as you were doing already. Do proper security configuration on the server.

I hope you have 2 NICs in your server:
NIC 1, your local IP: 192.168.x.x
NIC 2, use the static IP: 100.x.x.x
Gateway: to access the internet
Remember, don't use multiple gateways; the gateway towards is compulsory in this case.

I'm sorry to say it, but you're looking for trouble. Big trouble. No matter what firewalls you have enabled on the Windows box itself, it will be 100% hacked; it's just a matter of time.

If you don't have a replacement firewall, or at least a router, just go to the closest store and get any "broadband router" (consumer grade). It costs just a few bucks, but it will provide at least some level of security and control. And for the future, have at least some kind of "disaster recovery plan" for such events.

Mike is right!!!! I would never place a production server directly on the Internet unless I was ok with sharing all data on server to the world. His recommendation is spot on! Any off the shelf consumer grade broadband router with built-in firewall that can provide VPN and NAT assignment for internal hosts will do until you can replace corp firewall.

If you DO directly connect the server to the Internet, then fully patch every day, run Windows Firewall or a third-party one, and scan the system daily with Malwarebytes until you can correct the firewall issue. Verify that all accounts on the server have a password set and that the passwords are complex, and note all accounts presently created on the server so you can check for new accounts being added as back doors. Rename the administrator account (NOT TO ADMIN or MANAGER), then create an administrator and an admin account with no rights. This creates a honey pot (access to the accounts may allow you to detect if the server is or has been hacked and compromised).

I like to deploy bait files in order to help detect unauthorized access. Create a folder called Personnel Data with several files called PersonnelDataYYYY.xls with fake names, addresses, and SSNs, set folder and file ownership and rights to just your account, then set auditing to log/alert on changes to folder/file ownership. If the system is hacked, a file scan will quickly bring the person to the bait file and cause a log alert when they attempt to access the file. To view or copy the file they have to take ownership, and it cannot be set back to your account unless they have access with your account. So watch, or install a system log monitor to send email notices to you if ownership changes. Perform daily checks on the bait files to see if ownership has changed; if it has, you're hacked, and you at least know the compromised account to disable. Good luck :)
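The daily check described in the post above (bait-file ownership plus the note of existing accounts), as an added PowerShell example that is not part of the original thread. The folder and baseline paths are hypothetical, and it assumes PowerShell 2.0 or later is installed on the server and that the script runs under the account that owns the bait files.

```powershell
# Added example: compare bait-file owners and local accounts against a saved baseline.
# Both default paths are hypothetical placeholders; change them for your server.
param(
    [string]$BaitFolder   = 'D:\Personnel Data',
    [string]$BaselinePath = 'C:\SecBaseline\baseline.xml',
    [switch]$CreateBaseline
)

function Get-Snapshot {
    # Owner of the bait folder and of every file below it.
    $owners = @{}
    $items = @(Get-Item -Path $BaitFolder) + @(Get-ChildItem -Path $BaitFolder -Recurse)
    foreach ($item in $items) {
        $owners[$item.FullName] = (Get-Acl -Path $item.FullName).Owner
    }
    # Names of the local accounts that exist right now.
    $accounts = @(Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" |
                  ForEach-Object { $_.Name })
    New-Object PSObject -Property @{ Owners = $owners; Accounts = $accounts }
}

$current = Get-Snapshot
if ($CreateBaseline) {
    $current | Export-Clixml -Path $BaselinePath
    Write-Output "Baseline saved to $BaselinePath"
    return
}

$baseline = Import-Clixml -Path $BaselinePath
$alerts = @()
foreach ($path in $baseline.Owners.Keys) {
    $old = $baseline.Owners[$path]; $new = $current.Owners[$path]
    if (-not $current.Owners.ContainsKey($path)) {
        $alerts += "Bait item missing or unreadable: $path"
    } elseif ($new -ne $old) {
        $alerts += "Owner changed on {0}: {1} -> {2}" -f $path, $old, $new
    }
}
foreach ($name in $current.Accounts) {
    if ($baseline.Accounts -notcontains $name) { $alerts += "New local account: $name" }
}

if ($alerts.Count -gt 0) {
    $alerts | ForEach-Object { Write-Warning $_ }
    exit 1   # non-zero exit lets a scheduled task or monitor raise the alarm
}
Write-Output "No ownership or account changes since baseline."
```

Run it once with `-CreateBaseline` right after setting up the bait folder, keep the baseline file somewhere the server's other accounts cannot write to, and schedule the plain run daily.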

Habebulla, I suggest the same as retze, however if you don't mind about
security with a firewall and have a router you can set up a static
translation using the public IP you want and mapping it to the private IP
of the server and protect it with an access rule.